In an effort to help busy security managers, CISSP Shelley Bard's weekly column builds upon the concept of the perpetual calendar, offering a schedule of reminders for a proactive, strategic security plan. Here are the objectives Shelley prescribes for weeks 9 through 13.
Week 9: Banners in support of system monitoring
Objective: At least annually, review banner statement notifying users that by using the system they consent to monitoring.
Week 10: Are you throwing out company secrets? part 1 -- Physical records
Objective: Review policy and paper output, and holdings at least annually.
Week 11: Are you throwing out company secrets? part 2 -- Data destruction
Objective: Review data destruction policy at least annually.
Week 13: Social engineering --The low-tech side of high-tech
Objective: Include discussion on social engineering in your corporate-wide security awareness education program.